It seems like new security holes with trusted IT solutions are brought to light everyday. You don’t have to look far for an example. Just look at KRACK. KRACK, or the Key Reinstallation AttaCK, was an extremely dangerous vulnerability that affected the WPA2 protocol. This protocol was used in nearly every wireless internet transaction, and given our collective reliance on WiFi, it impacted quite a lot of people. The majority of the world has recovered since the news of this vulnerability, but it’s important to look at these events and try to learn from them. So let’s look at the question, “How can you secure your organization’s WiFi in light of web vulnerabilities?”
How Organizations Use WiFi
Before we suggest some ways to remediate your security posture against web vulnerabilities like KRACK, and protect against WiFi breaches, let’s step back and understand how most organizations are leveraging WiFi. Over the last decade, virtually every organization has made the leap to WiFi from wired networks. The benefits are significant, including more agile teams, productivity enhancements, and cost savings. The challenge with WiFi has always been security.
A wired network can be more tightly controlled, and initially that was a significant reason why IT admins didn’t move to WiFi. However, the pull was too strong. The benefits and flexibility of WiFi are incredibly powerful, and outweighed the advantages to an on-prem network. On top of that, IT vendors also created additional layers of security to WiFi that would help make IT admins more comfortable with the move. WPA2 was a part of this process. Of course, the wireless access points also started to integrate enterprise grade capabilities such as RADIUS protocol support.
Preparing for Web Vulnerabilities
Unfortunately, as we now know, these steps weren’t enough. As the KRACK vulnerability showed, there was a significant flaw in the client side libraries of devices connecting via WiFi using WPA2. The vulnerability allowed attackers to see all encrypted traffic between endpoints and the WAP (Wireless Access Point).
The fix for KRACK was to update the client side solutions. Platforms such as Android devices, (Read more...)
*** This is a Security Bloggers Network syndicated blog from JumpCloud authored by Jon Griffin. Read the original post at: https://jumpcloud.com/blog/securing-wifi-in-light-of-web-vulnerabilities/